so you meant, it's more better to avoid them physically.. ;<(
----- Original Message -----
From: "pkc_mls" <pkc_...@yahoo.fr>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Friday, May 29, 2009 2:33 PM
Subject: Re: new to freeradius, securing LAN
ldap.lippogeneral.com a écrit :
Hello All,
I am very new to FreeRadius, some of users are already knew our LAN IPs
.. so they can manually configure an interface on their PC and completely
bypass our DHCP server.. can I solve this by using FreeRadius?
I thought this can be done by checking its MAC address, so although they
use valid IP address but if their MAC address not recognized by our server
then they must be denied and they cannot go anywhere and cannot do
anything in our LAN..
I need advise..
Hi,
The problem is not really linked with radius, let's try to propose some
directions anyway.
Most recent switches proposes to do VLAN assignement based on port or
MAC address. Check if your switches can do this.
Radius can be used to authenticate a device (in your case, a PC) with
informations like MAC address or a certificate.
So you can also do some mac based authentication, but keep in mind that
changing a MAC address is as easy as setting a static LAN IP on a PC, so
it's definitely not enough if you wish to avoid what you described above.
hope this'll help.
many thanks in advance
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users..html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
***********************
Your mail has been scanned by MSS.
***********-***********
***********************
Our outgoing mail has been scanned by MSS.
***********-***********
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
